Users Guide
Figure 1. Conguration of iDRAC with active directory standard schema
In Active Directory, a standard group object is used as a role group. A user who has iDRAC access is a member of the role group. To
give this user access to a specic iDRAC, the role group name and its domain name need to be congured on the specic iDRAC.
The role and the privilege level are dened on each iDRAC and not in the Active Directory. You can congure up to ve role groups in
each iDRAC. Table reference no shows the default role group privileges.
Table 20. Default role group privileges
Role Groups Default Privilege Level Permissions Granted Bit Mask
Role Group 1 None Log in to iDRAC, Congure
iDRAC, Congure Users, Clear
Logs, Execute Server Control
Commands, Access Virtual
Console, Access Virtual Media,
Test Alerts, Execute Diagnostic
Commands
0x000001
Role Group 2 None Log in to iDRAC, Congure
iDRAC, Execute Server Control
Commands, Access Virtual
Console, Access Virtual Media,
Test Alerts, Execute Diagnostic
Commands
0x000000f9
Role Group 3 None Log in to iDRAC 0x00000001
Role Group 4 None No assigned permissions 0x00000000
Role Group 5 None No assigned permissions 0x00000000
NOTE: The Bit Mask values are used only when setting Standard Schema with the RACADM.
Single domain versus multiple domain scenarios
If all the login users and role groups, including the nested groups, are in the same domain, then only the domain controllers’ addresses
must be congured on iDRAC. In this single domain scenario, any group type is supported.
If all the login users and role groups, or any of the nested groups, are from multiple domains, then Global Catalog server addresses
must be congured on iDRAC. In this multiple domain scenario, all the role groups and nested groups, if any, must be a Universal
Group type.
132